diff --git a/auth-new/passkey.go b/auth-new/passkey.go
index a680851..ed5ef60 100644
--- a/auth-new/passkey.go
+++ b/auth-new/passkey.go
@@ -1,16 +1,48 @@
 package auth
 
-import "git.mstar.dev/mstar/linstrom/storage-new/dbgen"
+import (
+	"encoding/json"
+	"net/http"
+	"time"
 
-func (a *Authenticator) StartPasskeyLogin(username string) error {
+	"git.mstar.dev/mstar/goutils/other"
+	"github.com/go-webauthn/webauthn/protocol"
+
+	"git.mstar.dev/mstar/linstrom/storage-new/dbgen"
+	"git.mstar.dev/mstar/linstrom/storage-new/models"
+)
+
+func (a *Authenticator) StartPasskeyLogin(username string) (*protocol.CredentialAssertion, error) {
 	acc, err := dbgen.User.Where(dbgen.User.Username.Eq(username)).First()
 	if err != nil {
-		return err
+		return nil, err
 	}
-	_ = acc
+	wrappedAcc := fakeUser{acc}
+	options, session, err := a.webauthn.BeginLogin(&wrappedAcc)
+	if err != nil {
+		return nil, err
+	}
+	pkeySession := models.LoginProcessToken{
+		User:      *acc,
+		UserId:    acc.ID,
+		ExpiresAt: time.Now().Add(time.Minute * 3),
+		Token:     string(other.Must(json.Marshal(session))),
+	}
+	err = dbgen.LoginProcessToken.Create(&pkeySession)
+	if err != nil {
+		return nil, err
+	}
+	return options, nil
+}
+
+func (a *Authenticator) CompletePasskeyLogin(username string, response *http.Request) error {
 	panic("Not implemented") // TODO: Implement me
 }
 
-func (a *Authenticator) CompletePasskeyLogin(username string) error {
+func (a *Authenticator) StartPasskeyRegistration(username string) error {
+	panic("Not implemented") // TODO: Implement me
+}
+
+func (a *Authenticator) CompletePasskeyRegistration(username string) error {
 	panic("Not implemented") // TODO: Implement me
 }